The collapse of FTX has already become one of the most spectacular financial disasters in history, as hundreds of millions of dollars were siphoned just hours after the crypto exchange declared bankruptcy.
According to Chainalysis, 2022 was on pace to become the worst year ever for money lost to hackers and exploits. At the last count, $3 billion has been taken. Every day brings news of new hacks involving hundreds of millions of dollars in the blockchain industry.
Each time it happens, thousands of users lose a significant chunk of their savings, and the protocol (or cryptocurrency as a whole) loses some trust.
Cyberattacks and fraud in 2022 have hit cryptocurrency investors hard. One explanation is that attackers have found a particularly practical way to reach their funds: bridges.
Some of these bridge vulnerabilities can be attributed to sloppy engineering.
For example, Harmony’s Horizon bridge was hacked because of the low number of validators required to approve a transaction. Of the five signing accounts, the attacker only had to compromise two to obtain the private keys needed to withdraw funds.
The same thing happened with Ronin. To unlock the funds held by the bridge, the attacker only needed the private keys of five of the network’s nine validators, and obtained them.
In Nomad’s case it was even easier to manipulate the bridge. A botched upgrade left the bridge accepting messages that had never been proven, so an attacker could submit a withdrawal for any amount and the contract would pay it out, whether or not matching funds had been deposited. According to Elliptic, no programming knowledge was required: copying a legitimate transaction and substituting one’s own address was enough, so many copycats joined in, making it the eighth-largest crypto heist in history.
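To make the validator-threshold point concrete, here is an added example, not code from Harmony, Ronin or Nomad, of a minimal bridge withdrawal verifier in Solidity. The contract, its function names and the threshold value are hypothetical. The `threshold` constructor argument is the knob that the Horizon (2 of 5) and Ronin (5 of 9) deployments set too low; the sorted-signer and zero-address checks in the signature loop are the kind of "a zero or repeated value must not count as valid" rule whose absence let Nomad accept unproven messages; and the `executed` map stops a validly signed withdrawal from being replayed.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added example (hypothetical contract): a k-of-n validator-signed bridge withdrawal.
contract MinimalBridge {
    mapping(address => bool) public isValidator;
    uint256 public immutable validatorCount;
    uint256 public immutable threshold;        // signatures required per withdrawal
    mapping(bytes32 => bool) public executed;  // replay protection

    constructor(address[] memory validators, uint256 _threshold) {
        require(_threshold > 0 && _threshold <= validators.length, "bad threshold");
        // Weak deployment: 5 validators, threshold 2 (compromise two keys and you own the bridge).
        // Stronger: threshold well above a simple majority, e.g. 4 of 5 or 7 of 9.
        for (uint256 i = 0; i < validators.length; i++) {
            require(validators[i] != address(0), "zero validator");
            require(!isValidator[validators[i]], "duplicate validator");
            isValidator[validators[i]] = true;
        }
        validatorCount = validators.length;
        threshold = _threshold;
    }

    /// Digest bound to this contract and chain, so a signature cannot be replayed elsewhere.
    function withdrawDigest(address to, uint256 amount, uint256 nonce) public view returns (bytes32) {
        bytes32 inner = keccak256(abi.encode(address(this), block.chainid, to, amount, nonce));
        return keccak256(abi.encodePacked("\x19Ethereum Signed Message:\n32", inner));
    }

    function withdraw(address payable to, uint256 amount, uint256 nonce, bytes[] calldata sigs) external {
        bytes32 digest = withdrawDigest(to, amount, nonce);
        require(!executed[digest], "already executed");
        require(sigs.length >= threshold, "not enough signatures");

        address last = address(0);
        uint256 valid = 0;
        for (uint256 i = 0; i < sigs.length; i++) {
            address signer = recover(digest, sigs[i]);
            // Strictly increasing signer addresses: one compromised key cannot be counted twice.
            require(signer > last, "unsorted or duplicate signer");
            last = signer;
            if (isValidator[signer]) valid++;
        }
        require(valid >= threshold, "threshold not met");

        executed[digest] = true;               // effect before the external call
        (bool ok, ) = to.call{value: amount}("");
        require(ok, "transfer failed");
    }

    function recover(bytes32 digest, bytes calldata sig) internal pure returns (address) {
        require(sig.length == 65, "bad signature length");
        bytes32 r; bytes32 s; uint8 v;
        assembly {
            r := calldataload(sig.offset)
            s := calldataload(add(sig.offset, 32))
            v := byte(0, calldataload(add(sig.offset, 64)))
        }
        // Reject high-s signatures (EIP-2) so one signature has only one encoding.
        require(uint256(s) <= 0x7FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF5D576E7357A4501DDFE92F46681B20A0, "bad s");
        if (v < 27) v += 27;
        require(v == 27 || v == 28, "bad v");
        // ecrecover returns address(0) for garbage input; treating zero as a valid signer
        // would be the same class of mistake as Nomad treating the zero root as proven.
        address signer = ecrecover(digest, v, r, s);
        require(signer != address(0), "invalid signature");
        return signer;
    }

    receive() external payable {}
}
```

Deploying this with five validators and `_threshold = 2` reproduces the Horizon situation: any two leaked keys sign a digest for an attacker-chosen `to` and `amount`, and `withdraw` pays out. Raising the threshold does not fix key custody, but it raises the number of independent compromises an attacker needs.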
In DeFi, instead of centralized parties handling financial transactions, programmable code known as smart contracts does the heavy lifting. A contract executes when its conditions are met, and the result is recorded on a public blockchain such as Ethereum or Solana, eliminating the need for a central intermediary.
As the DeFi market grows, developers need to make blockchains interoperable so that assets and data can move freely between networks. Bridges are the component that does this, which is why they hold so much value and attract so many attacks.
Despite everything, hacking has a certain upside. Technology tends to evolve in a three-part cycle:
- Part 1: people develop new approaches to problems and bring them to market.
- Part 2: the market validates the concept (whether anyone buys it, whether the product works as expected, and so on).
- Part 3: given the market’s reaction, new ideas based on the original are discovered.
Every technology goes through this, and web3 is no exception. Bitcoin’s first year did not bring payments, decentralized games, DeFi, security tooling and the rest all at once; they were introduced gradually.
Part 2 is where the hacking happens: some bad actors in the market abuse or hack the system to their advantage. Part 3 then establishes additional safeguards against those hacks and abuses, some of which end up being used well beyond the original concept.
Many newer technologies, such as zero-knowledge proofs and stronger decentralization, were developed in part as a response to hacks.
Web2 was also incredibly insecure
In its early days, Web2 was widely hacked, easy to exploit (with the right tools), and generally insecure.
Back then, anyone, even a teenager, could ruin a website with a little technical know-how.
Web2 hacks still occur, but relative to the total number of websites their frequency and severity have dropped significantly.
The internet is safer than ever before. In fact, 10-15 years ago it was pretty easy to “hack” a website:
- Before 2015, HTTPS meant paying for a certificate (free certificates from Let’s Encrypt only arrived that year), so many sites ran plain HTTP and it was easy to intercept traffic and capture passwords.
- Instead of using secure frameworks written by experts with more experience than themselves, developers built the software themselves. (The Web3 equivalent is hand-modifying OpenZeppelin’s ERC20 library instead of deploying it as-is.)
- Quite a few coding tutorials were themselves flawed, and the vast majority of developers were unaware of even basic security holes (SQL injection, XSS, etc.).
This is no longer true. Any serious educational institution or online course teaches how to avoid these mistakes.
The bar for breaking into Web2 systems is now much higher.
The same is true of Web3. At first, “simple hacks” (a missing onlyOwner, integer overflows) paid very well.
But developers are increasingly aware of these pitfalls, so such bugs are becoming rare.
Tooling is improving too: compilers now warn or error on many of these mistakes, and since Solidity 0.8.0 arithmetic is checked by default, so an overflow reverts the transaction instead of silently wrapping, and uninitialized storage references are rejected at compile time. Exploiting a plain integer overflow in 0.8 code is therefore rare, though it remains possible inside unchecked blocks, in inline assembly and in explicit downcasts.
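The two “simple hacks” just named, in one toy token, as an added example that is not from the article: a mint function without onlyOwner next to the protected one, and a transfer written in an `unchecked` block (which reproduces pre-0.8 wrapping arithmetic) next to the same transfer under 0.8’s checked arithmetic. The contract and function names are hypothetical.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

/// Added example (hypothetical contract): missing access control and
/// unchecked arithmetic, each beside its fixed form.
contract ToyToken {
    address public owner;
    mapping(address => uint256) public balanceOf;
    uint256 public totalSupply;

    modifier onlyOwner() {
        require(msg.sender == owner, "not owner");
        _;
    }

    constructor() {
        owner = msg.sender;
    }

    /// Vulnerable: no access control, so anyone can mint to any address.
    function mintUnprotected(address to, uint256 amount) external {
        balanceOf[to] += amount;
        totalSupply += amount;
    }

    /// Hardened: the same function behind onlyOwner.
    function mint(address to, uint256 amount) external onlyOwner {
        balanceOf[to] += amount;
        totalSupply += amount;
    }

    /// Vulnerable: the `unchecked` block restores the wrapping arithmetic that
    /// compilers before 0.8.0 emitted by default. With a balance of 0 and no
    /// explicit require, `balanceOf[msg.sender] - amount` wraps to
    /// 2**256 - amount, and the sender ends up with an enormous balance.
    function transferWrapping(address to, uint256 amount) external returns (bool) {
        unchecked {
            balanceOf[msg.sender] -= amount;
            balanceOf[to] += amount;
        }
        return true;
    }

    /// Since 0.8.0 the same statements outside `unchecked` revert with
    /// Panic(0x11) on underflow or overflow; no SafeMath library is needed.
    /// An explicit require still gives callers a readable reason.
    function transfer(address to, uint256 amount) external returns (bool) {
        require(balanceOf[msg.sender] >= amount, "insufficient balance");
        balanceOf[msg.sender] -= amount;   // would revert on underflow anyway
        balanceOf[to] += amount;           // reverts on overflow
        return true;
    }
}
```

Calling `transferWrapping(attacker, 1)` from an address with a zero balance is the whole pre-0.8 overflow exploit; `transfer` with the same arguments reverts. The checked arithmetic only covers ordinary `+`, `-`, `*` and `/` on integer types, not `unchecked` blocks, inline assembly or casts such as `uint8(x)`, so those still need a manual look in review.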
Hacking pushes DeFi security forward and surfaces new, more effective ways of dealing with problems.
Here is what blockchain hacking and auditing might look like in 5 or 10 years.
Auditing smart contracts will require more specialised skills (mathematics, cryptography, EVM internals, etc.), especially as zero-knowledge proofs become more widespread.
Fortunately, there is still hope. Protocols can step up their game in auditing code, monitoring on-chain activity, and establishing a clear incident response plan for when an exploit happens. If the industry takes heed and implements these protections, years like this one need not happen again.
Closing note
Since Solidity 0.8.0, compiler and developer efforts have made plain integer overflows and uninitialized storage references very hard to exploit. Simple flaws such as tx.origin authentication have become rare in audited code; reentrancy is far better understood, but it still turns up in live contracts and remains a standard audit item.
Automated auditing tools, as in Web2, perform better in some areas than others, but they cannot fully replace manual review, even with AI such as ChatGPT in the loop.
Over the past 12 months, a series of worrisome attacks and exploits have plagued the cryptocurrency industry. Too many things have happened to count. Urgent action is required.